Abstract
In the last few years, attackers have been shifting aggressively to the IoT devices in the industrial Internet of Things (IIoT). In particular, IoT botnets have been emerging as the most urgent issue in IoT security. The main approaches for IoT botnet detection are static, dynamic, and hybrid analysis. Static analysis is the process of parsing files without executing them, while dynamic analysis, in contrast, executes them in a controlled and monitored environment (i.e., sandbox, simulator, and emulator) to record the system's changes for further investigation. In this article, we present a novel and advanced method for IoT botnet detection that uses dynamic analysis to improve graph-based features, which are generated based on static analysis. Specifically, dynamic analysis is used to collect the printable string information that appears during the execution of the samples. We then use this printable string information to traverse the graph obtained from static analysis effectively, ultimately acquiring graph-based features that can distinguish benign from malicious samples. To estimate the efficacy and superiority of the proposed hybrid approach, we conduct an experiment on a dataset of 8330 executable samples, including 5531 IoT botnet samples and 2799 IoT benign samples. Our approach achieves an accuracy of 98.1% and 91.99% for detecting and classifying IoT botnets, respectively. These results show that our approach outperforms other existing contemporary methods in terms of accuracy and complexity. In addition, our experiments demonstrate that hybrid graph-based features for IoT botnet family classification can further improve on the performance of static or dynamic features used individually.